Ransomware's Impact on Cloud Security
Learn why having robust cloud security is essential to blocking attacks.
Companies face new and sophisticated security threats every day. See how we tackle ransomware cloud security and why it’s important to have a robust service.
Ransomware is a type of malicious software that attempts to access systems and files and, when successful, blocks user access and demands a payment for a decryption key. Ransomware cloud security has the potential to save organizations money, time, and frustration.
Due to the increasing number of remote workers since the onset of Covid, more work is done in cloud-based environments. API-driven cloud services make monitoring, automation, and centralized access control easier and provide multiple ways to back up cloud resources, but the vast trove of data contained in cloud applications is a tempting target for ransomware attacks on cloud services. An increasing number of devices rely on cloud storage as well, giving threat actors additional targets and vectors in Internet of Things (IoT) devices.
Many organizations considering cloud migration wonder: can ransomware infect or encrypt cloud storage?
Even though traditional ransomware is less effective in cloud environments, this has not entirely stopped ransomware in the cloud. According to research released by the FBI, ransomware attacks recently increased by 20%, with associated losses tripling. And in 2020, about 98% of companies using the cloud reported one or more cloud data breaches.
Two specific ways ransomware affects cloud storage are attempts at data theft and attempts at uploading malware into the cloud using malicious files.
Threat actors often choose targets in the banking, healthcare, and government sectors. Ransomware attacks often give a deadline for payment, after which some additional threat kicks in: the ransom demand doubles, or files get released publicly or deleted permanently.
RansomCloud, a new strain of ransomware tailor-made to target cloud systems, has become a major security problem for businesses. Cloud-based email accounts such as Office 365 are being targeted by RansomCloud. This attack starts with a phishing email. Users who take the bait get locked out of their email.
Ransomware in general has been around since 1989, when an attack affected up to 20,000 computers in 90 different countries via a quite innocent-seeming floppy disk. Distributed by researcher Joseph Popp, the disks supposedly contained a questionnaire to assess one’s risk of contracting AIDS. The delayed attack initiated after a computer booted up 90 times, triggering a message to display that the user would need to pay to access their computer again. The AIDS Trojan, or PC Cyborg, targeted the healthcare industry.
Since then, ransomware has continued to evolve with every new instance of technology and has now moved into the cloud.
Where traditional ransomware attacks individual systems or on-premises networks, ransomcloud attacks target cloud services and infrastructure specifically.
While new attacks are constantly being invented, three main categories of cloud ransomware attacks are prevalent. These include:
Ransomware in general and cloud ransomware attacks that invade a cloud-synced file-sharing service have both been on the rise. Often this attack originates with an infected end user device, which transmits malware to a cloud-synced service.
Cloud ransomware attacks may block users’ ability to access company email communications, the network and stored files, and applications stored on the cloud for hours – or even days.
In one instance, a Los Angeles hospital was reportedly asked to pay a ransom of $3.4 million in an attack that left the hospital unable to use its system for ten days.
Varying with the target, ransom demands might be $50,000, or as one report claims, the average ransom demand may be $2.2 million, with an average payout of $541,010. Just in the last couple of years, 130 different ransomware families were identified.
Without ransomware cloud security or cloud ransomware protection, ransomware can affect both the availability of data (through data encryption or total system lockout by the ransomware) and its confidentiality (where data may be gathered covertly and the attacker threatens to leak it unless the ransom is paid).
Cloud ransomware security is said to be a shared responsibility, as both the user organizations and cloud service providers share security efforts. Cloud vendors and infrastructure providers must remain vigilant against this separate category of attack.
There are several ways to protect your business and its cloud environments from ransomware attacks. Start with these three cloud services best practices.
Creating backups and testing regularly safeguards your system from cloud ransomware attacks.
Setting up cross-regional and cross-account backups, keeping multiple backups, and verifying that all backups occur on schedule and are fully functioning are three keys in preventing ransomware cloud backup attacks. Using multiple backup strategies helps avoid risking everything on a single point of failure.
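The three backup checks above can be run as a routine audit over a backup inventory. The following is an added example, not code from this page or from any provider; the record fields, resource names, and the 26-hour freshness window are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: where each protected resource lives (account, region).
SOURCES = {
    "orders-db": ("prod", "us-east"),
    "file-share": ("prod", "us-east"),
    "hr-archive": ("prod", "eu-west"),
}

# Constructed backup records; field names are assumptions, not a provider schema.
BACKUPS = [
    {"resource": "orders-db", "account": "backup-vault", "region": "us-west",
     "completed": "2024-05-01T02:00:00+00:00", "restore_tested": True},
    {"resource": "orders-db", "account": "prod", "region": "us-east",
     "completed": "2024-05-01T02:05:00+00:00", "restore_tested": False},
    {"resource": "file-share", "account": "prod", "region": "us-east",
     "completed": "2024-04-20T02:00:00+00:00", "restore_tested": False},
]


def audit_backups(sources, backups, now, max_age=timedelta(hours=26)):
    """Return {resource: [findings]} for every resource that fails a check."""
    findings = {}
    for resource, (src_account, src_region) in sources.items():
        copies = [b for b in backups if b["resource"] == resource]
        if not copies:
            findings[resource] = ["no backups at all"]
            continue
        issues = []
        if len(copies) < 2:
            issues.append("single backup copy")
        if all(b["region"] == src_region for b in copies):
            issues.append("no cross-region copy")
        if all(b["account"] == src_account for b in copies):
            issues.append("no cross-account copy")
        newest = max(datetime.fromisoformat(b["completed"]) for b in copies)
        if now - newest > max_age:
            issues.append("latest backup overdue")
        if not any(b["restore_tested"] for b in copies):
            issues.append("no copy has passed a restore test")
        if issues:
            findings[resource] = issues
    return findings


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for resource, issues in audit_backups(SOURCES, BACKUPS, now).items():
        print(resource, "->", "; ".join(issues))
```

A resource whose only copy sits in the source account and region is flagged even when its backup job reports success, because ransomware operating with that account's credentials can reach the copy as well.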
When it comes to cloud ransomware security, your cloud host needs to adhere to strict security protocols and standards. Doing so allows anomalies and zero-day attacks (those exploiting a software vulnerability discovered by attackers before the vendor is aware of it) to be identified quickly. Relaying this information to the appropriate team is essential. The sooner the vendor is aware, the sooner a patch can be released to prevent the situation. Cloud incident response services can help catch these issues.
In order to identify those anomalies, logging and monitoring must take place, especially regarding sensitive data and actions. A strong cloud provider offers these tools, along with cloud backup ransomware protection.
Blocking known malicious websites and apps proactively (and adding to the list as they are identified) is an essential first step, but it isn’t enough. Educating employees on what to look for in potential scam communications is equally vital in protecting your network. Ransomware actors constantly adapt their tactics, techniques, and procedures (TTPs), so employee education about how to keep their computers, network access, and information safe is the best way to stay safe.
Seagate Lyve Cloud is a solution that can offer protection against these ransomware attacks through:
With Lyve Cloud having its own encryption capabilities, your data is secure in use, in transit, and in storage. Object versioning allows restoration in case of attacks and corruption, while object immutability options protect against all forms of potential deletion and attacks.
Security must be prioritized during all stages of business development. Shift left security, implementing security measures in the earliest possible stage in the development process or throughout the entire development lifecycle, is the ideal approach (and the one Seagate employs in its world-class security measures). This approach allows developers to identify and fix security issues as they come up and doesn’t leave your data vulnerable even in the testing environment.
Deletion protection tools such as object locks or resource locks prevent users from accessing and deleting information without further authentication. Implementing object immutability along with other layers will at a minimum slow down ransomware actors’ attempts to compromise your systems. Designing containers, namespaces, virtual machines, virtual private clouds and account isolation protocols reduces the impact of a given security breach. Defining perimeters around a group of cloud-based resources can protect critical data.
With ransomware cloud security, identity and access management (IAM) is the first line of defense in most cloud environments. A leaked credential with full privileges can be devastating because with one set of credentials every cloud resource may be accessed. To minimize risks, rotate access keys, enable multifactor authentication (MFA) for users, and disable any unused credentials in a timely manner. Using Federated Identity Management (FIM) to centrally manage access control is also beneficial.
By adopting a least-privilege access strategy, one can also prevent unwanted data access and deletion. Many users have access beyond what they truly need to do their job, by default. Determining which users and groups need only read privileges versus delete and modification privileges can limit an attack’s effects.
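The IAM controls in the two paragraphs above (key rotation, MFA, disabling unused credentials, least privilege) can be checked together against a credential inventory. This is an added example, not code from this page or from any provider; the field names, the 90-day rotation limit, and the 45-day idle limit are assumptions.

```python
from datetime import date

# Constructed credential inventory; field names are assumptions, not a provider's report format.
CREDENTIALS = [
    {"user": "alice", "mfa": True, "key_active": True, "key_created": "2024-03-10",
     "last_used": "2024-04-28", "granted": {"read", "write"}, "needed": {"read", "write"}},
    {"user": "bob", "mfa": False, "key_active": True, "key_created": "2023-06-01",
     "last_used": "2024-04-30", "granted": {"read", "write", "delete"}, "needed": {"read"}},
    {"user": "ci-legacy", "mfa": True, "key_active": True, "key_created": "2024-03-01",
     "last_used": None, "granted": {"read"}, "needed": {"read"}},
]


def audit_credentials(creds, today, max_key_age=90, max_idle=45):
    """Return {user: [findings]} for the controls named in the text."""
    findings = {}
    for c in creds:
        issues = []
        if not c["mfa"]:
            issues.append("MFA not enabled")
        if c["key_active"]:
            age = (today - date.fromisoformat(c["key_created"])).days
            if age > max_key_age:
                issues.append(f"access key {age} days old, rotate")
            # A key that was never used counts as idle since its creation date.
            last = c["last_used"] or c["key_created"]
            idle = (today - date.fromisoformat(last)).days
            if idle > max_idle:
                issues.append(f"key idle {idle} days, disable")
        # Least privilege: anything granted beyond what the role needs is excess.
        excess = sorted(c["granted"] - c["needed"])
        if excess:
            issues.append("excess privileges: " + ", ".join(excess))
        if issues:
            findings[c["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_credentials(CREDENTIALS, date(2024, 5, 1)).items():
        print(user, "->", "; ".join(issues))
```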
When ransomware cloud security measures are taken, tasks can be easily automated, access and privileges assigned appropriately, and profiles can be managed more effectively, saving your organization time, money, and great distress during a ransomware attack.
To learn more about how to protect against ransomware with Lyve Cloud, read our Ransomware Data Protection Solution Brief.